[ippm] Roman Danyliw's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 22 November 2022 20:09 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: ippm@ietf.org
Delivered-To: ippm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3311DC1526E0; Tue, 22 Nov 2022 12:09:29 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ippm-ioam-ipv6-options@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, marcus.ihlar@ericsson.com, marcus.ihlar@ericsson.com
X-Test-IDTracker: no
X-IETF-IDTracker: 9.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <166914776920.27695.955739020276015032@ietfa.amsl.com>
Date: Tue, 22 Nov 2022 12:09:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/Jd5sMe7mNawEi-vYf6fd3qplehk>
Subject: [ippm] Roman Danyliw's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2022 20:09:29 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-ippm-ioam-ipv6-options-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 4 and RFC9197 seem clear that IOAM traffic cannot leave the IOAM domain. However, this document seems to be suggesting behavior that violates this guidance. Specifically, in Section 5.1, it allows for the possibility of leaks per (a) and explicitly describe a use case where leaks are intentional (b). (a) Section 5.1. C3. IOAM domains MUST provide a mechanism to prevent data leaks or be able to ensure that if a leak occurs, network elements outside the domain are not affected (i.e., they continue to process other valid packets). (b) Section 5.1. C5. An Autonomous System (AS) that inserts and leaks the IOAM data needs to be easy to identify for the purpose of troubleshooting,... Furthermore, per (a), why are “IOAM domains … provid[ing] a mechanism” which suggests a feature rather than a required to explicitly prevent this behavior. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** Section 4. As additional security, IOAM domains MUST provide a mechanism to prevent unauthorized injections at ingress or leaks at egress. No disagreement. To clarify, is this a new requirement? I thought this configuration was the mandatory architecture of IOAM. Per RFC9197: Notably, IOAM is expected to be deployed in limited domains, thus confining the potential attack vectors to within the limited domain. A limited administrative domain provides the operator with the means to select, monitor, and control the access of all the network devices, making these devices trusted by the operator. Indeed, in order to limit the scope of threats mentioned above to within the current limited domain, the network operator is expected to enforce policies that prevent IOAM traffic from leaking outside of the IOAM- Domain and prevent IOAM data from outside the domain to be processed and used within the domain. ** Section 4. Please be explicit on where the Option Data is specified. I believe it is: -- For the “Pre-allocated Traction Option” and “Incremental Trace Option”, Section 4.4 of RFC9197 -- For the “Proof of Transition Option”, Section 4.5 of RFC9197 -- For the “Edge to Edge Option”, Section 4.6 of RFC9197 -- For the “Direct Export Option” Section 3.2 of RFC9326 ** Section 5.1. C3. Packets with IOAM data or associated ICMP errors, should not arrive at destinations that have no knowledge of IOAM. For example, if IOAM is used in in transit devices, misleading ICMP errors due to addition and/or presence of OAM data in a packet could confuse the host that sent the packet if it did not insert the OAM information. Is the expectation that any entity which adds IOAM headers (either at the source or in transit) will know if a destination in the IOAM domain supports these headers? If so, is that realistic (not knowing where this is currently, or anticipated to be, fielded)?. ** Section 5.1. C3. The entities that communicate the errors to devices outside of the IOAM domain MUST remove any IOAM data from the packet included in the error message. The completeness of this guidance seems to depend on how one reads “the entities that communicate the error” – is it the IOAM hosts or also the network devices at the edge of the IOAM domain. I took it to mean hosts per the deployment model defined in Section 5.2. (IOAM domains bounded by hosts) which would be insufficient. Could this text please be made clearer to cover the deployment models described in 5.2 and 5.3. Editorial ** Section 4. Typo. s/inSection 7/in Section 7/
- [ippm] Roman Danyliw's Discuss on draft-ietf-ippm… Roman Danyliw via Datatracker
- Re: [ippm] Roman Danyliw's Discuss on draft-ietf-… Frank Brockners (fbrockne)